Distributed Denial of Service (DDoS) attacks are a major headache for companies with online customers. Even major services such as Xbox Live, PSN, GitHub, and Steam are targeted by these cyberattacks, which makes the platforms inaccessible to legitimate users around the globe.
After taking down a major DDoS-for-hire website last year, law enforcement authority Europol is now targeting the site's users with legal action.
For those unaware, DDoS is a form of a cyberattack in which a service is flooded with a huge amount of artificial internet traffic from infected PCs. Servers incapable of processing these requests make the affected platform slow, and sometimes even inaccessible, for legitimate users. After taking down the biggest DDoS-for-hire website, webstresser.org, back in April 2018, Europol is now looking to take legal action against its 151,000 registered users.
The law enforcement body says that it is working with British and Dutch authorities to track down some users of the website, which it claims launched over four million DDoS attacks, and whose services could be hired for as little as €15 per month. Europol has warned that operations are already underway and at least 250 users of webstresser will soon "face action for the damage they have caused."
The authority has not explicitly stated what kind of punishments it expects to hand out to abusers, but has noted several examples, for example: one in which a 30-year-old individual in the UK was sentenced to three years in prison. Europol says that:
The DDoS-for-hire trend is a pressing issue, mainly due to how easily accessible it has become. Stresser and booter services have effectively lowered the entry barrier into cybercrime: for a small nominal fee, any low-skilled individual can launch DDoS attacks with the click of a button, knocking offline whole websites and networks by barraging them with traffic. The damage they can do to victims can be considerable, crippling businesses financially and depriving people of essential services offered by banks, government institutions and police forces.
The law enforcement authority has further warned that cybercrime isn't victimless, and that people with any understanding of IT and cybersecurity should utilize their skills in legitimate professions offered by the industry rather than resorting to crimes such as DDoS attacks.